EU Justice Commissioner Vera Jourova said it's right that Facebook CEO Mark Zuckerberg will answer MEPs' questions about the company's data scandal on Tuesday. "Europeans are more sensitive about their privacy than Americans," she said. [Commission]

Facebook CEO Mark Zuckerberg’s meeting on Tuesday afternoon (22 May) with European Parliament leaders is “the right thing for himself” after the company’s recent data collection scandal, EU Justice Commissioner Věra Jourová said in an interview.

At around 6:15PM on Tuesday, Zuckerberg will meet privately with European Parliament President Antonio Tajani, the leaders of the house’s political groups, Claude Moraes, the British MEP who chairs the powerful Civil Liberties Committee (LIBE) and Jan Philipp Albrecht, the German Green who led negotiations on the EU data protection regulation. T

That strict new legislation, known as the General Data Protection Regulation (GDPR), takes effect this Friday (25 May).

On Monday, Tajani announced that the meeting will be livestreamed online. MEPs from different political groups demanded that Zuckerberg answer questions on camera.

“I welcome this change,” Jourová tweeted after Tajani’s announcement about the livestream.

Some MEPs were outraged when Tajani revealed last week that the meeting will be private. The Parliament had originally demanded a much bigger format. Last month, Tajani asked Zuckerberg to attend a public hearing in front of four Parliament committees.

Jourová will not cross paths with Zuckerberg during his visit to Brussels because she will be attending a justice ministers’ meeting in Bulgaria. On Wednesday, he will meet French President Emmanuel Macron in Paris. The billionaire CEO will not meet any other European officials on his trip.

After weeks of back-and-forth between the European Parliament and Facebook executives, CEO Mark Zuckerberg agreed on Wednesday (16 May) to meet with political leaders in Brussels over the company’s recent data breach scandal.

“The right thing”

The justice Commissioner told EURACTIV that for Zuckerberg, it’s “the right thing for himself that he comes and explains what happened and also to give people here some assurance that it will not repeat and there will be protections in place”.

“Because Europeans want to hear this. Europeans are more sensitive about their privacy than Americans,” Jourová added.

Zuckerberg testified for more than 10 hours before the US Congress last month over the massive data scandal, which prompted Facebook to introduce new privacy settings. In March, the Observer and the New York Times reported that consultancy firm Cambridge Analytica had analysed around 87 million Facebook users’ profile data for political campaign work without their consent. Around 2.7 million of the affected users were based in the EU.

A coalition of activist groups on Monday announced a campaign to break up Facebook, arguing that the huge social network “has too much power over our lives and democracy.”

Jourová, who has previously admitted that she does not have her own Facebook account, said she had expected more users would leave the social media platform after the news broke.

But Jourová acknowledged that for many people, maintaining a Facebook account is “existential”. She has touted the GDPR, which kicks in this Friday, as a legal obstacle to future Cambridge Analytica-style abuse.

In the case of social media users, “there might be some commercial activities where you get trapped”, Jourová said.

“You are attacked by advertisements every day from different sides. Here I want to have a chance for people to say, ‘Stop, I don’t want that.’

The EU needs more legal safeguards to prevent massive privacy breaches like the current scandal over Facebook and British political consulting firm Cambridge Analytica, MEPs from different political parties argued on Wednesday (18 April).

But with days left before the law takes effect, the justice Commissioner is still worried that national data protection authorities in several EU countries might not have the manpower to thoroughly police tech companies. The privacy regulators will receive an arsenal of new powers under the GDPR, and can investigate data protection breaches and fine companies up to €20 billion of 4% of their global turnover.

She referred to regulators in different countries that operate with few resources and struggle to recruit staff – and who will not be well-positioned to crack down on tech giants that break the law.

“GDPR is based on risk assessment and where we see the biggest risks – it’s logical – are from the side of the big companies which harvest massive amounts of data, of millions of users. Here we need to have the data protection authorities equipped well to face this,” the Commissioner said.

“For Facebook and others, this will require a lot of capacities,” she added.

Ireland’s privacy regulator will increase its total staff number to around 140 this year. Facebook and Google have their European headquarters in Ireland, and the Irish authority will be the EU’s main watchdog in charge of GDPR-related investigations of the companies.

Authorities in other EU countries are struggling even more than the Irish regulator to keep up with the new law. Seventeen out of 24 EU data protection authorities that responded to aReuters survey this month said they lack the resources to carry out their new tasks.

Europe’s powerful data protection regulators are banding together to coordinate how they investigate and sanction misbehaving companies before a major overhaul of the bloc’s privacy law takes effect in May.

Jourová said she is writing a letter to all EU ministers who oversee data protection law in their countries. She has a stern warning for national governments that refuse to increase their privacy regulators’ funding – as well as for the eight EU countries that still have not translated the GDPR into national law.

“Of course there will be a specific message for states where we don’t see the legislation. We will combine it also with the pleas of having strong enough capacities for the data protection authorities,” she said.

According to Commission data, Bulgaria, Belgium, Cyprus, Greece, the Czech Republic, Hungary, Lithuania and Slovenia will all likely miss the 25 May GDPR deadline because they have not updated their own laws.

“I am worried about the legal chaos in those countries,” Jourová said.

The justice Commissioner did not indicate whether she will already threaten those countries with lawsuits for failing to introduce the new EU law on time.

“For me, some kind of big work is starting on the 26 of May. The job is not done,” she said.

All EU countries except Germany and Austria are unprepared for a major overhaul of the bloc’s privacy rules that will go into effect in May. The European Commission is amping up pressure on the 26 member states that are lagging behind.